Please tell you didn't disclose the vuln without fixing it first.
 >>/29890/
Staff should never need to see IPs, not even the admin. IPs of hostile actors are worthless in the age of residential VPNs, "free" proxies and IPv6.
 >>/29917/
 >>/29966/
Not hard, you could even do it with a bash script. Crawl the post database table every X hours, check if a post is at least Y hours old, replace the ip field of the post row with NULL or a fake IP like 1.1.1.1 if the software can't handle null strings.